[DO-1477] create k8s struct and move openresty (#2)

Co-authored-by: Rustam Tagaev <rustam.tagaev@avroid.tech> Co-authored-by: Denis Patrakeev <denis.patrakeev@avroid.team> Reviewed-on: https://git.avroid.tech/K8s/k8s-configs/pulls/2 Reviewed-by: Denis Patrakeev <denis.patrakeev@avroid.team> Co-authored-by: Rustam Tagaev <rustam.tagaev@avroid.team> Co-committed-by: Rustam Tagaev <rustam.tagaev@avroid.team>
2025-01-17 15:50:41 +03:00
parent 9962ddb2bc
commit 90155cad0b
25 changed files with 392 additions and 0 deletions
--- a/clusters/k8s-avroid-office.prod.local/namespaces/vault-infra/vault-secrets-webhook/values.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/vault-infra/vault-secrets-webhook/values.yaml
@@ -0,0 +1 @@
+# helm upgrade -n vault-infra --install --wait vault-secrets-webhook oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-webhook
--- a/clusters/k8s-avroid-office.prod.local/namespaces/vault-infra/vault-secrets-webhook/vault-cluster_role_binding.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/vault-infra/vault-secrets-webhook/vault-cluster_role_binding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrolebinding
+    app.kubernetes.io/instance: manager-rolebinding
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: vault-operator
+    app.kubernetes.io/part-of: vault-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: vault-auth-delegator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: vault
+  namespace: vault-infra
--- a/clusters/k8s-avroid-office.prod.local/namespaces/vault-infra/vault-secrets-webhook/vault-secret.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/vault-infra/vault-secrets-webhook/vault-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vault
+  namespace: vault-infra
+  annotations:
+    kubernetes.io/service-account.name: vault
+type: kubernetes.io/service-account-token
--- a/clusters/k8s-avroid-office.prod.local/namespaces/vault-infra/vault-secrets-webhook/vault-service-account.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/vault-infra/vault-secrets-webhook/vault-service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: serviceaccount
+    app.kubernetes.io/instance: vault-sa
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: vault-operator
+    app.kubernetes.io/part-of: vault-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: vault
+  namespace: vault-infra
				`@@ -0,0 +1 @@`
				`# helm upgrade -n vault-infra --install --wait vault-secrets-webhook oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-webhook`